Merge branch '30-fix-geo-authorized-keys-regex' into 'master'

Improve regex for geo auth keys checker Closes #30 and #219572 See merge request gitlab-org/gitlab!33447

Merge branch '30-fix-geo-authorized-keys-regex' into 'master'
Improve regex for geo auth keys checker Closes #30 and #219572 See merge request gitlab-org/gitlab!33447
c22f7b06 · Robert Speicher · 07a72e8d · 03759b4b · c22f7b06 · c22f7b06
Commit c22f7b06 authored Jun 01, 2020 by Robert Speicher
4 changed files
--- a/ee/changelogs/unreleased/30-fix-geo-authorized-keys-regex.yml
+++ b/ee/changelogs/unreleased/30-fix-geo-authorized-keys-regex.yml
+---
+title: Improve regex for geo auth keys checker
+merge_request: 33447
+author:
+type: fixed
--- a/ee/lib/system_check/geo/authorized_keys_check.rb
+++ b/ee/lib/system_check/geo/authorized_keys_check.rb
@@ -193,7 +193,7 @@ module SystemCheck

        File.open(openssh_config_path) do |f|
          f.each_line do |line|
-            if (match = line.match(regexp))
+            if (match = line.strip.match(regexp))
              raw_content = match[:content]
              # remove linebreak, and lead and trailing spaces
              return raw_content.chomp.strip # rubocop:disable Cop/AvoidReturnFromBlocks

--- a/ee/spec/fixtures/system_check/sshd_config_leading_whitespace
+++ b/ee/spec/fixtures/system_check/sshd_config_leading_whitespace
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+#AuthorizedKeysCommand /opt/gitlab-shell/invalid_authorized_keys %u %k
+ AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
+  AuthorizedKeysCommandUser git
--- a/ee/spec/lib/system_check/geo/authorized_keys_check_spec.rb
+++ b/ee/spec/lib/system_check/geo/authorized_keys_check_spec.rb
@@ -111,6 +111,12 @@ describe SystemCheck::Geo::AuthorizedKeysCheck do
      expect(subject.extract_authorized_keys_command).to eq('/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k')
    end

+    it 'returns correct (leading whitespace) command' do
+      override_sshd_config('system_check/sshd_config_leading_whitespace')
+
+      expect(subject.extract_authorized_keys_command).to eq('/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k')
+    end
+
    it 'returns command without comments and without quotes' do
      override_sshd_config('system_check/sshd_config_invalid_command')

@@ -131,6 +137,12 @@ describe SystemCheck::Geo::AuthorizedKeysCheck do
      expect(subject.extract_authorized_keys_command_user).to eq('git')
    end

+    it 'returns correct (leading whitespace) command' do
+      override_sshd_config('system_check/sshd_config_leading_whitespace')
+
+      expect(subject.extract_authorized_keys_command_user).to eq('git')
+    end
+
    it 'returns command without comments' do
      override_sshd_config('system_check/sshd_config_invalid_command')